Based on 249 reviews and ratings
Based on 229 reviews and ratings
Cisco ASA and FortiGate are products that provide security for network applications, including firewall, SSL, web filtering and VPN. Both Cisco ASA and FortiGate are well liked among medium to enterprise sized businesses, but large established businesses tend to choose ASA, especially if their server environment is already Cisco. FortiGate is more popular among medium-sized businesses, which are more likely to be price sensitive.
Cisco ASA and FortiGate provide many of the same services, but there are standout features of each.
Cisco ASA is easy to deploy and works well in most environments. It adapts well to small and medium scale servers, especially servers that use Cisco products already. Users like the VPN for connecting remote users to the network or connecting one site to another, and businesses appreciate the web filtering component. The hardware is reliable, as is Cisco technical support.
FortiGate is a newer up-and-comer to the world of network security. It handles traffic spikes and larger server loads with ease, and is more affordable than its comparable competitors. The interface is simple to use, and the firewall is easy to configure. Simplified pricing allows businesses to pay only for the services they use.
Each of these firewall products has its own limitations that may affect which one potential customers will choose.
Though many users appreciate Cisco ASA and its reliable system and support, it can become expensive for smaller businesses, especially when factoring in support contracts. The interface is clunky and can be difficult to use. ASA is not as fully-featured as an NGFW (it’s missing the reliable multi-WAN support FortiGate has), and several users reported switching to an NGFW for a more robust solution.
The downside of FortiGate’s simplified pricing is that it affects scalability. If a user wants to increase server performance, they must buy additional products. Various versions of the software can be buggy, and frequent patches are released. While the user interface is good, the command line prompt can be confusing to use.
FortiGate pricing is available by quote from Fortinet or 3rd party providers. ASA pricing can be found by contacting Cisco or a certified Cisco Partner.
Provided by the TrustRadius Research Team
Published on October 8, 2020
Likelihood to Recommend
Feature Rating Comparison
Active Directory and LDAP
Firewall Management Console
Reporting and Logging
- How we can manage: ASDM the GUI is so much easier to manage it even for a new guy also.
- Traffic handling capacity
- More secure and the different features it gives.
- Support from the TAC team or from the community manages to handle issues very efficiently.
- It is the most reliable NGFW that we have ever been touch with it.
- You can easily upgrade the firewall cluster firmware without user attention!!!
- User IDentity based feature is fantastic and intrusion prevention just works with least false-positive possible.
- Very reachfull and intuitive GUI, just love it
- The Java based ASDM can botch commands and isn't compatible on some more locked down systems.
- Monitoring. Really the same complaint as above, the monitoring available through the ASDM is crappy at best. A much better solution is to send the logs and mirror packets to a SEIM, but that can create issues of its own when looking for realtime analysis.
- Compatibility across other ASA models. ASA 5520s don't play well with 5525X which don't play well with older 5510s. Each is great on it's own, but it's next to impossible to logically stack them or have them as layers of firewalls in an infrastructure.
- Lack of cloud based management. The Cisco Meraki security devices do this well, but the ASAs are still behind in this regard.
- When we switched to Fortinet Fortigate, it took some time getting used to and become familiar with the new interface. Being used to strictly command-line interfaces, a full GUI-based firewall was something brand new. Careful planning had to be done when creating rules to ensure we didn't miss anything. However, once we got used to the new GUI interface, going from one Fortinet product to another was simple, as Fortinet used the same interface for all of its devices.
Likelihood to Renew
Reliability and Availability
Return on Investment
- The next gen features allowed us to remove an older exinda device from our network by replacing that qos functionality and reporting.
- The geoblocking features have allowed us to block many of our biggest threat sources from even trying to attach our systems, which makes our security reporting look much cleaner.
- We needed granular user reporting in our web filtering, so we did have to implement a separate proxy solution (which we already had). It was a fair amount of work to integrate but does work with the ASA. Unfortunately, the reporting wasn't as tied to the users for our HR department to rely on.
- Fortigates have an interesting bundle model for support and subscription services that make it an attractive option to deploy Firewall, IDS, Ant-virus, anti-SPAM in a single device. The cost of the bundle is pretty much what you pay for the device, not requiring huge expenditures on it's time to renew the hardware.